this is assuming that you are talking to the second party and not in fact me
sitting in the middle grabbing credentials, possibly by this stage already
pretending to be that second party
Sorry, if you don't have the second parties private key, you don't get to be them. and if you do have it, then there's no reason for you be in the middle.
its also assuming you understand your certificates, keys and trust. i'd bet most users will click yes when presented with a 'do you trust this new key' message.
[joelja@twin ~]$ ssh -l joelja twin
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@ WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED! @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!
Someone could be eavesdropping on you right now (man-in-the-middle attack)!
It is also possible that the RSA host key has just been changed.
The fingerprint for the RSA key sent by the remote host is
c3:b4:d9:ba:f9:ab:58:0e:98:d4:12:6c:cf:d2:3c:55.
Please contact your system administrator.
Add correct host key in /home/joelja/.ssh/known_hosts2 to get rid of this message.
Offending key in /home/joelja/.ssh/known_hosts2:24
RSA host key for twin has changed and you have requested strict checking.
The authenticity of host 'twin (128.223.214.27)' can't be established.
is fairly unequivical...